- Bug
- Resolution: Unresolved
- Normal
- rhel-10.0
- Moderate
- rhel-security-crypto-spades
- ssg_security
- aarch64
What were you trying to do that didn't work?
When seccomp is enabled, it blocks the faccessat syscall required on aarch64 for connection adding. It needs to get enabled.
What is the impact of this issue to you?
The seccomp filtering feature cannot be used on aarch64.
Please provide the package NVR for which the bug is seen:
libreswan-5.1-6.el10.aarch64
How reproducible is this bug?:
100% on aarch64
Steps to reproduce
# cat /etc/ipsec.conf
config setup
    seccomp=enabled

conn test
    authby=secret
    left=%defaultroute
    right=10.8.3.52
    ikev2=insist
    auto=add
# service ipsec start
# ausearch -ts recent -i -m SECCOMP
Expected results
Connection 'test' added correctly, no SECCOMP audit events found.
Actual results
Connection 'test' failed to be added and the following event is produced:
type=SECCOMP msg=audit(03/04/2025 07:39:37.599:201) : auid=unset uid=root gid=root ses=unset subj=system_u:system_r:ipsec_t:s0 pid=6464 comm=addconn exe=/usr/libexec/ipsec/addconn sig=SIGSYS arch=aarch64 syscall=faccessat compat=0 ip=0xffff92e23698 code=kill-thread
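
For triaging denials like the one above, here is an added example (not part of the original report and not libreswan code) that parses `ausearch -i` SECCOMP records and counts blocked syscalls per executable and architecture. The function names are hypothetical; the second sample line is the event from this report, and the first and third are constructed.

```python
import re
from collections import Counter

# Header of an interpreted audit record: type=<TYPE> msg=audit(<time>:<serial>) : <fields>
HEADER = re.compile(
    r"^type=(?P<type>\S+) msg=audit\((?P<when>.+?):(?P<serial>\d+)\) : (?P<body>.*)$"
)
FIELD = re.compile(r"(\w+)=(\S+)")  # key=value pairs; values must not contain spaces

SAMPLE = [
    # constructed: unrelated record that the parser must skip
    "type=SERVICE_START msg=audit(03/04/2025 07:39:37.400:200) : pid=1 uid=root "
    "auid=unset ses=unset subj=system_u:system_r:init_t:s0 msg='unit=ipsec res=success'",
    # from the report above
    "type=SECCOMP msg=audit(03/04/2025 07:39:37.599:201) : auid=unset uid=root gid=root "
    "ses=unset subj=system_u:system_r:ipsec_t:s0 pid=6464 comm=addconn "
    "exe=/usr/libexec/ipsec/addconn sig=SIGSYS arch=aarch64 syscall=faccessat "
    "compat=0 ip=0xffff92e23698 code=kill-thread",
    # constructed: same denial from a later addconn run
    "type=SECCOMP msg=audit(03/04/2025 07:41:02.113:215) : auid=unset uid=root gid=root "
    "ses=unset subj=system_u:system_r:ipsec_t:s0 pid=6511 comm=addconn "
    "exe=/usr/libexec/ipsec/addconn sig=SIGSYS arch=aarch64 syscall=faccessat "
    "compat=0 ip=0xffff92e23698 code=kill-thread",
]

def parse_seccomp(line):
    """Return the fields of a SECCOMP record as a dict, or None for other lines."""
    m = HEADER.match(line.strip())
    if not m or m.group("type") != "SECCOMP":
        return None
    rec = dict(FIELD.findall(m.group("body")))
    rec["when"] = m.group("when")
    rec["serial"] = int(m.group("serial"))
    return rec

def denied_syscalls(lines):
    """Count denials keyed by (exe, arch, syscall, seccomp action)."""
    counts = Counter()
    for rec in filter(None, map(parse_seccomp, lines)):
        key = tuple(rec.get(k, "?") for k in ("exe", "arch", "syscall", "code"))
        counts[key] += 1
    return counts

if __name__ == "__main__":
    for (exe, arch, syscall, action), n in denied_syscalls(SAMPLE).most_common():
        print(f"{n}x {syscall} ({arch}) denied for {exe}, action={action}")
```

The resulting (executable, architecture, syscall) tuples show which allowlist entries are missing on a given architecture.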